How to Secure FTP Server with TLS/SSL Connection in Ubuntu Server 12.04

Previously, I wrote about How to build a FTP server using vsftpd. vsftpd is actually fairly safe to use as a personal FTP server; in this post I will share how to secure the FTP server using TLS/SSL (Transport Layer Security / Secure Sockets Layer). TLS/SSL provides end-to-end authentication and communications privacy over the Internet using cryptographic protocols, with the aim that communication over the Internet cannot be intercepted by another person.

The first step in configuring TLS/SSL in vsftpd is to create an SSL certificate. In this tutorial I will use X.509, which is a Public Key Infrastructure (PKI) standard from ITU-T.

Open your terminal and log in to the server with ssh, then switch to superuser (root) permissions by typing the following command:

sudo su

Create a directory to store the SSL certificate. In this case the SSL certificate for vsftpd will be placed in the directory /etc/vsftpd:

mkdir /etc/vsftpd/

cd /etc/vsftpd/

Now create an SSL certificate for vsftpd. In this case the SSL certificate I create will be valid for one year (365 days); use the following command:

You are then asked to fill out the required information. After the SSL certificate has been created, the second step is to edit the configuration file /etc/vsftpd.conf, with the following command:

sudo gedit /etc/vsftpd.conf

or

sudo nano /etc/vsftpd.conf

Make it match the following configuration:

# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Turn on SSL
ssl_enable=YES
#
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES
#
# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
#force_local_data_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
#force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
#ssl_tlsv1=YES
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
#ssl_sslv2=NO
# permit SSL v3 protocol connections. TLS v1 connections are preferred
#ssl_sslv3=NO
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Save the configuration and restart vsftpd service:

service vsftpd restart
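
A check worth running on the edited file, as an added example that is not part of the original tutorial: the script reads a vsftpd.conf, applies the defaults documented in vsftpd.conf(5) to keys that are unset or commented out, and warns when TLS is off, when clear-text logins or transfers are allowed, when SSL v2/v3 is accepted, or when the key file is accessible to other users. The function names and the script name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the TLS settings of a vsftpd.conf after editing it.
# Defaults for unset or commented-out keys are those listed in vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: effective value of KEY (last uncommented
# assignment wins; vsftpd allows no spaces around "=").
conf_get() {
    _v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${_v:-$3}"
}

# is_on FILE KEY DEFAULT: true when the boolean KEY is effectively enabled.
is_on() {
    case $(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

FINDINGS=0
warn() { FINDINGS=$((FINDINGS + 1)); printf 'WARN: %s\n' "$1"; }

# audit_vsftpd_tls FILE: print one WARN line per problem, count them in
# FINDINGS, and return 0 only when there are none.
audit_vsftpd_tls() {
    FINDINGS=0
    is_on "$1" ssl_enable NO ||
        warn "ssl_enable is off: logins and transfers are clear text"
    is_on "$1" force_local_logins_ssl YES ||
        warn "force_local_logins_ssl is off: passwords may go unencrypted"
    is_on "$1" force_local_data_ssl YES ||
        warn "force_local_data_ssl is off: transfers may go unencrypted"
    for _p in ssl_sslv2 ssl_sslv3; do
        if is_on "$1" "$_p" NO; then warn "$_p is on: obsolete SSL accepted"; fi
    done
    is_on "$1" ssl_tlsv1 YES || warn "ssl_tlsv1 is off: TLS v1 is refused"
    # Without rsa_private_key_file the key is read from the certificate file.
    _cert=$(conf_get "$1" rsa_cert_file /usr/share/ssl/certs/vsftpd.pem)
    _key=$(conf_get "$1" rsa_private_key_file "$_cert")
    if [ ! -f "$_key" ]; then
        warn "key file $_key does not exist"
    elif [ "$(ls -ld "$_key" | cut -c5-10)" != "------" ]; then
        warn "key file $_key grants access to group or others"
    fi
    [ "$FINDINGS" -eq 0 ]
}

# Usage: sh audit_vsftpd_tls.sh /etc/vsftpd.conf
if [ "$#" -gt 0 ]; then audit_vsftpd_tls "$1"; fi
```

With the configuration shown above, the commented-out force_local_* and ssl_* lines fall back to the vsftpd defaults, so the only finding to expect is a key file that is missing or has permissions wider than 600.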

Install ftp-ssl to try accessing the FTP server with TLS/SSL from the client,